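Automated operations: batch system deployment with Kickstart on CentOS 8
Understanding Kickstart
What is Kickstart
Kickstart uses one standard site to install a uniformly configured Linux operating system on a group of machines.
Ways to obtain a Kickstart configuration file:
Write it by hand
Use the GUI tool system-config-kickstart
Use the standard Red Hat installer, Anaconda
The anaconda-ks.cfg file
Each time a CentOS Linux installation finishes, Anaconda generates an anaconda-ks.cfg file in root's home directory. It can be used to run an automated installation with the same settings, and it can also be edited with the system-config-kickstart tool. Modifying anaconda-ks.cfg produces the unattended-installation answer file you need.
The Kickstart file
A Kickstart file can contain all the interaction a system installation requires, as well as scripts to run before installation and scripts to run after it.
Kickstart deployment lab diagram
Environment:
SELinux disabled, firewall disabled
Server: 192.168.2.100
Step 1 Configure the dnf repositories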
[root@localhost ~]# cat server.repo
[serverApp]
name=app
enabled=1
gpgcheck=0
baseurl=file:///mnt/AppStream
[serverOS]
name=os
enabled=1
gpgcheck=0
baseurl=file:///mnt/BaseOS
Step 2 Install the packages
[root@localhost ~]# dnf install dhcp-server tftp-server httpd syslinux -y
app 74 MB/s | 5.2 MB 00:00
os 75 MB/s | 2.2 MB 00:00
上次元数据过期检查:0:00:01 前,执行于 2019年12月01日 星期日 20时49分26秒。
依赖关系解决。
===============================================================================================================================
软件包 架构 版本 仓库 大小
===============================================================================================================================
Installing:
httpd x86_64 2.4.37-11.module_el8.0.0+172+85fc1f40 serverApp 1.7 M
tftp-server x86_64 5.2-24.el8 serverApp 50 k
dhcp-server x86_64 12:4.3.6-30.el8 serverOS 529 k
syslinux x86_64 6.04-1.el8 serverOS 576 k
安装依赖关系:
apr x86_64 1.6.3-9.el8 serverApp 125 k
apr-util x86_64 1.6.1-6.el8 serverApp 105 k
centos-logos-httpd noarch 80.5-2.el8 serverApp 24 k
httpd-filesystem noarch 2.4.37-11.module_el8.0.0+172+85fc1f40 serverApp 34 k
httpd-tools x86_64 2.4.37-11.module_el8.0.0+172+85fc1f40 serverApp 102 k
mod_http2 x86_64 1.11.3-2.module_el8.0.0+10+abf51267 serverApp 156 k
syslinux-nonlinux noarch 6.04-1.el8 serverOS 551 k
安装弱的依赖:
apr-util-bdb x86_64 1.6.1-6.el8 serverApp 25 k
apr-util-openssl x86_64 1.6.1-6.el8 serverApp 27 k
Enabling module streams:
httpd 2.4
事务概要
===============================================================================================================================
安装 13 软件包
总计:3.9 M
安装大小:9.9 M
下载软件包:
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
Installing : apr-1.6.3-9.el8.x86_64 1/13
运行脚本 : apr-1.6.3-9.el8.x86_64 1/13
Installing : apr-util-bdb-1.6.1-6.el8.x86_64 2/13
Installing : apr-util-openssl-1.6.1-6.el8.x86_64 3/13
Installing : apr-util-1.6.1-6.el8.x86_64 4/13
运行脚本 : apr-util-1.6.1-6.el8.x86_64 4/13
Installing : httpd-tools-2.4.37-11.module_el8.0.0+172+85fc1f40.x86_64 5/13
Installing : syslinux-nonlinux-6.04-1.el8.noarch 6/13
Installing : syslinux-6.04-1.el8.x86_64 7/13
运行脚本 : httpd-filesystem-2.4.37-11.module_el8.0.0+172+85fc1f40.noarch 8/13
Installing : httpd-filesystem-2.4.37-11.module_el8.0.0+172+85fc1f40.noarch 8/13
Installing : centos-logos-httpd-80.5-2.el8.noarch 9/13
Installing : mod_http2-1.11.3-2.module_el8.0.0+10+abf51267.x86_64 10/13
Installing : httpd-2.4.37-11.module_el8.0.0+172+85fc1f40.x86_64 11/13
运行脚本 : httpd-2.4.37-11.module_el8.0.0+172+85fc1f40.x86_64 11/13
运行脚本 : dhcp-server-12:4.3.6-30.el8.x86_64 12/13
Installing : dhcp-server-12:4.3.6-30.el8.x86_64 12/13
运行脚本 : dhcp-server-12:4.3.6-30.el8.x86_64 12/13
Installing : tftp-server-5.2-24.el8.x86_64 13/13
运行脚本 : tftp-server-5.2-24.el8.x86_64 13/13
运行脚本 : httpd-2.4.37-11.module_el8.0.0+172+85fc1f40.x86_64 13/13
运行脚本 : tftp-server-5.2-24.el8.x86_64 13/13
验证 : apr-1.6.3-9.el8.x86_64 1/13
验证 : apr-util-1.6.1-6.el8.x86_64 2/13
验证 : apr-util-bdb-1.6.1-6.el8.x86_64 3/13
验证 : apr-util-openssl-1.6.1-6.el8.x86_64 4/13
验证 : centos-logos-httpd-80.5-2.el8.noarch 5/13
验证 : httpd-2.4.37-11.module_el8.0.0+172+85fc1f40.x86_64 6/13
验证 : httpd-filesystem-2.4.37-11.module_el8.0.0+172+85fc1f40.noarch 7/13
验证 : httpd-tools-2.4.37-11.module_el8.0.0+172+85fc1f40.x86_64 8/13
验证 : mod_http2-1.11.3-2.module_el8.0.0+10+abf51267.x86_64 9/13
验证 : tftp-server-5.2-24.el8.x86_64 10/13
验证 : dhcp-server-12:4.3.6-30.el8.x86_64 11/13
验证 : syslinux-6.04-1.el8.x86_64 12/13
验证 : syslinux-nonlinux-6.04-1.el8.noarch 13/13
已安装:
httpd-2.4.37-11.module_el8.0.0+172+85fc1f40.x86_64 tftp-server-5.2-24.el8.x86_64
dhcp-server-12:4.3.6-30.el8.x86_64 syslinux-6.04-1.el8.x86_64
apr-util-bdb-1.6.1-6.el8.x86_64 apr-util-openssl-1.6.1-6.el8.x86_64
apr-1.6.3-9.el8.x86_64 apr-util-1.6.1-6.el8.x86_64
centos-logos-httpd-80.5-2.el8.noarch httpd-filesystem-2.4.37-11.module_el8.0.0+172+85fc1f40.noarch
httpd-tools-2.4.37-11.module_el8.0.0+172+85fc1f40.x86_64 mod_http2-1.11.3-2.module_el8.0.0+10+abf51267.x86_64
syslinux-nonlinux-6.04-1.el8.noarch
完毕!
Step 3 Set up and start DHCP
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf
subnet 192.168.2.0 netmask 255.255.255.0 {
option routers 192.168.2.100;
range 192.168.2.10 192.168.2.20;
next-server 192.168.2.100;
filename "pxelinux.0";
}
[root@localhost ~]# systemctl start dhcpd
[root@localhost ~]# systemctl status dhcpd
● dhcpd.service - DHCPv4 Server Daemon
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2019-12-01 20:58:49 EST; 3s ago
Docs: man:dhcpd(8)
man:dhcpd.conf(5)
Main PID: 31465 (dhcpd)
Status: "Dispatching packets..."
Tasks: 1 (limit: 50687)
Memory: 5.0M
CGroup: /system.slice/dhcpd.service
└─31465 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid
12月 01 20:58:49 localhost.localdomain dhcpd[31465]: ** Ignoring requests on virbr0. If this is not what
12月 01 20:58:49 localhost.localdomain dhcpd[31465]: you want, please write a subnet declaration
12月 01 20:58:49 localhost.localdomain dhcpd[31465]: in your dhcpd.conf file for the network segment
12月 01 20:58:49 localhost.localdomain dhcpd[31465]: to which interface virbr0 is attached. **
12月 01 20:58:49 localhost.localdomain dhcpd[31465]:
12月 01 20:58:49 localhost.localdomain dhcpd[31465]: Listening on LPF/ens33/00:0c:29:11:47:97/192.168.2.0/24
12月 01 20:58:49 localhost.localdomain dhcpd[31465]: Sending on LPF/ens33/00:0c:29:11:47:97/192.168.2.0/24
12月 01 20:58:49 localhost.localdomain dhcpd[31465]: Sending on Socket/fallback/fallback-net
12月 01 20:58:49 localhost.localdomain dhcpd[31465]: Server starting service.
12月 01 20:58:49 localhost.localdomain systemd[1]: Started DHCPv4 Server Daemon.
[root@localhost ~]# netstat -antlup | grep :67
udp 0 0 0.0.0.0:67 0.0.0.0:* 31465/dhcpd
udp 0 0 0.0.0.0:67 0.0.0.0:* 1345/dnsmasq
Step 4 Generate the required files and start the tftp service
[root@localhost ~]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
[root@localhost ~]# cp /mnt/isolinux/{vmlinuz,ldlinux.c32,initrd.img} /var/lib/tftpboot/
[root@localhost ~]# mkdir /var/lib/tftpboot/pxelinux.cfg
[root@localhost ~]# vim /var/lib/tftpboot/pxelinux.cfg/default # create the default file
default linux
timeout 3
label linux
kernel vmlinuz
append initrd=initrd.img ip=dhcp method=http://192.168.2.100/RHEL ks=http://192.168.2.100/ks.cfg
[root@localhost mnt]# systemctl start tftp # start the tftp service
[root@localhost mnt]# systemctl status tftp
● tftp.service - Tftp Server
Loaded: loaded (/usr/lib/systemd/system/tftp.service; indirect; vendor preset: disabled)
Active: active (running) since Sun 2019-12-01 21:44:06 EST; 5s ago
Docs: man:in.tftpd
Main PID: 33477 (in.tftpd)
Tasks: 1 (limit: 50687)
Memory: 252.0K
CGroup: /system.slice/tftp.service
└─33477 /usr/sbin/in.tftpd -s /var/lib/tftpboot
12月 01 21:44:06 localhost.localdomain systemd[1]: Started Tftp Server.
[root@localhost mnt]# netstat -antulp | grep :69
udp6 0 0 :::69 :::* 1/systemd
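Step 5 Set up and start the http service
[root@localhost ~]# mkdir /var/www/html/RHEL # create the directory that holds the packages
[root@localhost ~]# mount /dev/cdrom /var/www/html/RHEL # mount the installation disc on that directory
Step 6 Generate the ks.cfg file
Because CentOS 8.0 has no system-config-kickstart package, the ks file cannot be generated with the tool and has to be created by hand. In this example, the passwords of both the root user and the newly created gongjh user are '`123qwe'.
If you need to specify your own password, use another tool to convert it, for example the doveadm command.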
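One way to do that conversion with OpenSSL, added here as an example (not from the original post): `openssl passwd -6` writes a SHA-512 crypt string suitable for `rootpw --iscrypted`. The function names are invented for this example and OpenSSL 1.1.1 or later is assumed; because the sample password on this page is public, generate fresh hashes rather than reusing the ones in the listing.

```shell
#!/usr/bin/env bash
# Added example: produce and check SHA-512 crypt hashes for rootpw / user --password.
# Function names are invented here; assumes OpenSSL 1.1.1+ for "passwd -6".

# Hash a password with a fresh random salt. The password is fed on stdin
# so it is not passed to openssl as a command-line argument.
ks_hash() {
    printf '%s\n' "$1" | openssl passwd -6 -stdin
}

# Return 0 if PASSWORD reproduces HASH. The salt is the third "$"-separated
# field of "$6$salt$digest" (hashes with a rounds= field are not handled).
ks_hash_matches() {
    local hash=$1 password=$2 salt
    salt=$(printf '%s' "$hash" | cut -d'$' -f3)
    [ "$(printf '%s\n' "$password" | openssl passwd -6 -salt "$salt" -stdin)" = "$hash" ]
}

# Emit a ready-to-paste kickstart line for a constructed example passphrase.
demo_hash=$(ks_hash 'constructed-example-passphrase')
echo "rootpw --iscrypted $demo_hash"
ks_hash_matches "$demo_hash" 'constructed-example-passphrase' && echo "hash verified"
```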
cp /root/anaconda-ks.cfg /var/www/html/ks.cfg # create the ks.cfg file
[root@localhost ~]# vim /var/www/html/ks.cfg
#version=RHEL8
ignoredisk --only-use=sda
autopart --type=lvm
# Partition clearing information
clearpart --all # delete all partitions
# Use graphical install
graphical
url --url="http://192.168.2.100/RHEL/" # installation URL
# Keyboard layouts
keyboard --vckeymap=cn --xlayouts='cn'
# System language
lang zh_CN.UTF-8
# Network information
network --bootproto=dhcp --device=ens33 --ipv6=auto --activate
network --hostname=localhost.localdomain
# Root password: "`123qwe"
rootpw --iscrypted $6$lYV8xqOfEWbJZ/8Y$YXDve/YNwljyh6BnrMHkKm.18kyUqZkHBpA4DHA/nEhXckJfNPLpclgNcQUS64XQSDZRAdlWzjPsI8sCe1dPo0
# X Window System configuration information
xconfig --startxonboot
# Run the Setup Agent on first boot
#firstboot disable # first-boot setup
firstboot --disable
# System services
services --enabled="chronyd"
# System timezone
timezone America/New_York --isUtc
# Reboot automatically after installation completes
reboot
# License agreement: accept it
eula --agreed
# Add a new regular user named tyschool, password "`123qwe", group wheel
user --groups=wheel --name=tyschool --password=$6$GnUoYHa8rYy7XfrK$0OSNtZwn7.mq4mTeEXQvebx8AEKMV7/PYBS0qfLXUUMJFQozCVMGZY3c0gYcfaKhkCDVQAcxCpi01A5f6a9XC. --iscrypted --gecos="tyschool_com_cn"
%packages
@^graphical-server-environment
%end
%addon com_redhat_kdump --disable --reserve-mb='auto'
%end
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end
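A check to run on a file like the ks.cfg above before publishing it, added here as an example (not part of the original post): it flags plaintext or non-SHA-512 password entries, install sources fetched over HTTP, and directives that disable SELinux or the firewall on the installed hosts. The function and finding names are invented for this example, and the sample input is constructed.

```shell
#!/usr/bin/env bash
# Added example: lint a kickstart file before publishing it on the install server.
# Finding names (PLAINTEXT_PW, NOT_SHA512, ...) are invented for this example.

audit_ks() {   # usage: audit_ks FILE ; prints one finding per line
    awk '
    /^[ \t]*#/ { next }                 # full-line comment
    { sub(/[ \t]+#.*$/, "") }           # cut trailing "# ..." comment

    # rootpw / user --password must carry a crypt hash, never the password.
    ($1 == "rootpw" || ($1 == "user" && /--password/)) {
        if (/--plaintext/ || !/--iscrypted/) print "PLAINTEXT_PW line " NR
        for (i = 2; i <= NF; i++) {
            h = $i; sub(/^--password=/, "", h)
            # A crypt hash starts with "$id$"; id 6 is SHA-512 crypt.
            if (h ~ /^\$/ && h !~ /^\$6\$/) print "NOT_SHA512 line " NR
        }
    }
    # Install tree or extra repo fetched over unauthenticated HTTP.
    ($1 == "url" || $1 == "repo") && /http:\/\// { print "HTTP_SOURCE line " NR }
    # Installed hosts would come up without SELinux enforcement or a firewall.
    $1 == "selinux"  && /--(disabled|permissive)/ { print "SELINUX_OFF line " NR }
    $1 == "firewall" && /--disabled/              { print "FIREWALL_OFF line " NR }
    ' "$1"
}

# Constructed sample input (not the ks.cfg from this page); hashes are dummy strings.
sample_ks() {
    cat <<'EOF'
#version=RHEL8
url --url="http://192.168.2.100/RHEL/"   # install URL
rootpw --iscrypted $6$CONSTRUCTEDSALT$CONSTRUCTEDHASH
user --name=demo --password=$1$CONSTRUCTED$CONSTRUCTED --iscrypted
user --name=plain --password=changeme
selinux --disabled
firewall --enabled --service=ssh
EOF
}

tmp=$(mktemp) && sample_ks > "$tmp"
audit_ks "$tmp"
rm -f "$tmp"
```

Run against the ks.cfg shown in this step, the only finding is the `url` line, because the install tree is served over plain HTTP.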
Step 7 Set file permissions and start the http service
[root@localhost ~]# chmod a+r /var/www/html/ks.cfg
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2019-12-01 22:00:58 EST; 10s ago
Docs: man:httpd.service(8)
Main PID: 33976 (httpd)
Status: "Running, listening on: port 80"
Tasks: 213 (limit: 50687)
Memory: 40.4M
CGroup: /system.slice/httpd.service
├─33976 /usr/sbin/httpd -DFOREGROUND
├─33977 /usr/sbin/httpd -DFOREGROUND
├─33978 /usr/sbin/httpd -DFOREGROUND
├─33979 /usr/sbin/httpd -DFOREGROUND
└─33980 /usr/sbin/httpd -DFOREGROUND
12月 01 22:00:58 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
12月 01 22:00:58 localhost.localdomain httpd[33976]: AH00558: httpd: Could not reliably determine the server's fully qualified>
12月 01 22:00:58 localhost.localdomain httpd[33976]: Server configured, listening on: port 80
12月 01 22:00:58 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
[root@localhost ~]# netstat -antlp | grep :80
tcp6 0 0 :::80 :::* LISTEN 33976/httpd
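Step 8 Test
Select network boot
The client obtains an IP address and the related files
The installation process starts
The system reboots automatically after installation completes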